D5 2.6.1 - virus/malware/ransomware & encrypting of data/system almost compromised

Dear All,

So recently I received a new PC from my organization: i9 13th gen + 4090. I updated everything and installed D5. After some time I had a TDR delay issue, which is usually the case with large files (which wasn't the case here; I wasn't working on a large file).

Let me also give you a backdrop of where I work. We are a closed system, with an IT organization that has systems in place against cyber threats to safeguard our data. Coming to the issue at hand.

After running the PC in admin mode to fix the TDR delay, D5 started misbehaving. Every time it started, it asked for admin mode to start and run, which it never did before. Next, after giving it admin access, the file wouldn't open; it would be stuck at 0%. After half an hour of constantly trying to make the file open, run a new file, or open from the SketchUp plugin sync, it didn't budge and kept being stuck at 0%. During the process of running the app, after closing the app in Task Manager, I found that there was a -command being run each time D5 was run. Due to the command added in front of the shortcut/exe, it always asked for admin rights to run, which it never did before.

It looked like this below when I clicked "more properties" in the admin rights box, trying to understand why it would need admin access when it never used to before.


“C:\Program Files\D5 Render\D5.exe” -(somecommand)

Then suddenly I got a call from my IT dept.: something had been trying to encrypt the files on my computer and my system had been compromised.
He also sent me this after the entire process of cleaning and formatting the computer; the PC is up and running now. Maybe it can help you figure it out.

We tried doing the same installation on the system beside me as well. And it turns out that after installing the same executable from the GitHub file from your website download. (Below is a screenshot of the website redirecting to the GitHub link.)

Because our firewall blocks websites like GitHub, we had to give the system open internet access to download the file again and install the new version on the new system. This didn't take much time, and it installed after downloading from your servers.

In the SCREENSHOT above, it redirects to the GitHub link and downloads the latest installer files.

After the installation finished on my associate's system, the first time we ran D5 again it mysteriously asked us for ADMIN ACCESS. D5 had never done that previously. We got suspicious and immediately tried to uninstall the software. And it didn't let us. It removed the files in the Program Files location etc.

But the name D5 was still present in the Apps location, and it kept saying you don't have admin rights to do so.
We tried logging in with the local admin account on the PC, and apparently it had removed the admin account completely or locked us out, as it just wouldn't let us log in, showing some error. So we knew it was compromised again
and sent it for a reformat. If we had given it admin access, we might have had another, even more seriously compromised system on our hands.

Now, after 2 systems being compromised, we have decided not to use the app until things are fixed, including installing any previous versions, until we know it's safe to do so. We are lucky that the older D5 versions on other systems are not hit by this and are working fine. I completed the work at hand on another system yesterday as I had a deadline. But reluctantly, we will not be using it until we are sure that everything's in the clear.

It's time we had some checks and stringent policies in place to check for these kinds of attacks, so systems are not compromised like this. I have lost almost 2 whole days and 2 systems in the process.
I have narrated all of this from my recollection and the documentation I have. I couldn't get all the proof you needed either. So please bear with me.


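The symptom the post describes, a shortcut that now launches D5.exe with an extra argument and suddenly triggers an admin prompt, is something a defender can check for before anyone clicks "Yes" on the elevation dialog. The script below is an added example written for this thread; it is not code from the original post or from D5 Render. It assumes the executable path quoted in the post, the standard Start Menu and Desktop shortcut folders, that a clean install launches with no arguments (an assumption used as the baseline), and a "*D5*" shortcut name pattern (a placeholder). It lists shortcuts whose target, arguments or "Run as administrator" flag deviate from that baseline, and reports the Authenticode signature status and SHA-256 of the installed binary so it can be compared against the vendor's published checksum.

```powershell
# Added example (not from the original post or from D5 Render): a defender-side
# check for a shortcut that launches the app with an unexpected argument or
# with the "Run as administrator" flag set, plus a signature/hash check of the exe.

$ExpectedExe  = 'C:\Program Files\D5 Render\D5.exe'   # path as quoted in the post
$ExpectedArgs = ''                                    # assumption: a clean install launches with no arguments

# Standard shortcut locations (assumption: the installer put its shortcut in one of these).
$ShortcutDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory')
)

function Test-ShortcutRunAsAdmin {
    # The "Run as administrator" checkbox lives in the .lnk header (MS-SHLLINK):
    # LinkFlags at offset 0x14, RunAsUser bit 0x2000, i.e. byte 0x15 masked with 0x20.
    param([string]$Path)
    $bytes = [IO.File]::ReadAllBytes($Path)
    return ($bytes.Length -gt 0x15) -and (($bytes[0x15] -band 0x20) -ne 0)
}

function Get-ShortcutFindings {
    param([string[]]$Dirs, [string]$Pattern = '*D5*')   # name pattern is a placeholder
    $wsh = New-Object -ComObject WScript.Shell
    $findings = @()
    foreach ($dir in $Dirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like $Pattern } |
            ForEach-Object {
                $lnk = $wsh.CreateShortcut($_.FullName)
                $issues = @()
                if ($lnk.TargetPath -ne $ExpectedExe)      { $issues += "target differs: $($lnk.TargetPath)" }
                if ($lnk.Arguments.Trim() -ne $ExpectedArgs) { $issues += "unexpected arguments: $($lnk.Arguments)" }
                if (Test-ShortcutRunAsAdmin $_.FullName)   { $issues += 'RunAsAdmin flag set' }
                if ($issues.Count -gt 0) {
                    $findings += [pscustomobject]@{ Shortcut = $_.FullName; Issues = ($issues -join '; ') }
                }
            }
    }
    return $findings
}

function Get-ExeSignatureStatus {
    # Signature status plus SHA-256, to compare with the checksum the vendor publishes.
    param([string]$Exe)
    if (-not (Test-Path $Exe)) { return [pscustomobject]@{ Path = $Exe; Status = 'missing' } }
    $sig  = Get-AuthenticodeSignature -FilePath $Exe
    $hash = (Get-FileHash -Path $Exe -Algorithm SHA256).Hash
    return [pscustomobject]@{
        Path   = $Exe
        Status = $sig.Status                    # Valid / NotSigned / HashMismatch / ...
        Signer = $sig.SignerCertificate.Subject # $null when the file is unsigned
        SHA256 = $hash
    }
}

$shortcutFindings = Get-ShortcutFindings -Dirs $ShortcutDirs
if ($shortcutFindings) { $shortcutFindings | Format-Table -AutoSize } else { 'No shortcut anomalies found.' }
Get-ExeSignatureStatus -Exe $ExpectedExe | Format-List
```

Reading .lnk files and signatures needs no elevation, so the check can run from a normal user session before the elevation prompt is ever answered. A shortcut whose Arguments field is non-empty, or whose RunAsAdmin flag is set when the vendor's shortcut never had it, is the point at which to stop and involve IT rather than approve the prompt; a Status other than Valid, or a SHA-256 that does not match the vendor's published value for that release, is a reason to treat the installed binary as untrusted.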